Skip to content

Bump the "dependencies" group with 2 updates across multiple ecosystems#112

Merged
cbusillo merged 1 commit into
mainfrom
dependabot/dependencies-a7aded8d46
May 29, 2026
Merged

Bump the "dependencies" group with 2 updates across multiple ecosystems#112
cbusillo merged 1 commit into
mainfrom
dependabot/dependencies-a7aded8d46

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 29, 2026

Bumps the dependencies group in /frontend with 4 updates: @sveltejs/kit, eslint-plugin-svelte, svelte and typescript-eslint.

Updates @sveltejs/kit from 2.60.1 to 2.61.1

Release notes

Sourced from @​sveltejs/kit's releases.

@​sveltejs/kit@​2.61.1

Patch Changes

  • fix: regression where routes starting and ending with a route group are not matched correctly (#15903)

@​sveltejs/kit@​2.61.0

Minor Changes

  • breaking: the .run() method has been removed from remote queries on both the client and the server. Use await query() directly instead — it now works everywhere (#15779)

  • feat: remote queries can now be awaited in any context (event handlers, module scope, async callbacks), not just inside reactive contexts. The cache is shared across reactive and non-reactive subscribers, so awaiting a query in an event handler will dedupe with components that have already subscribed to the same query. (#15779)

  • feat: live query instances are now themselves async-iterable (#15878)

  • feat: add programmatic submit method to form remote function instances (#15657)

  • feat: pass form remote function instance into enhance callback (#15657)

Patch Changes

  • fix: resolve the app payload without using process.env.NODE_ENV (#15852)

  • fix: support exactOptionalPropertyTypes for optional route params (#15825)

  • fix: correctly send true value to the server for 'submit' and 'hidden' form fields (#15858)

  • fix: avoid build warnings about undefined universal hooks (#15895)

  • fix: prefer default error page when failing to decode the URL pathname (#15744)

  • fix: disable link prefetching on slow internet connections (#15885)

  • fix: allow routes ending with optional parameters next to more specific routes (#15861)

  • fix: remove reliance on Content-Length header in deserialize_binary_form, which caused failures when proxies (e.g. Vercel, Azure) strip the header and use chunked transfer encoding (#15796)

Changelog

Sourced from @​sveltejs/kit's changelog.

2.61.1

Patch Changes

  • fix: regression where routes starting and ending with a route group are not matched correctly (#15903)

2.61.0

Minor Changes

  • breaking: the .run() method has been removed from remote queries on both the client and the server. Use await query() directly instead — it now works everywhere (#15779)

  • feat: remote queries can now be awaited in any context (event handlers, module scope, async callbacks), not just inside reactive contexts. The cache is shared across reactive and non-reactive subscribers, so awaiting a query in an event handler will dedupe with components that have already subscribed to the same query. (#15779)

  • feat: live query instances are now themselves async-iterable (#15878)

  • feat: add programmatic submit method to form remote function instances (#15657)

  • feat: pass form remote function instance into enhance callback (#15657)

Patch Changes

  • fix: resolve the app payload without using process.env.NODE_ENV (#15852)

  • fix: support exactOptionalPropertyTypes for optional route params (#15825)

  • fix: correctly send true value to the server for 'submit' and 'hidden' form fields (#15858)

  • fix: avoid build warnings about undefined universal hooks (#15895)

  • fix: prefer default error page when failing to decode the URL pathname (#15744)

  • fix: disable link prefetching on slow internet connections (#15885)

  • fix: allow routes ending with optional parameters next to more specific routes (#15861)

  • fix: remove reliance on Content-Length header in deserialize_binary_form, which caused failures when proxies (e.g. Vercel, Azure) strip the header and use chunked transfer encoding (#15796)

Commits
  • b714743 Version Packages (#15904)
  • 131fdc7 fix: regression where routes starting and ending with a route group are not f...
  • 4f961ab Version Packages (#15853)
  • 1817da0 fix: support exactOptionalPropertyTypes for optional route params (#15825)
  • 8feb2af chore: dedupe replacer code (#15877)
  • 95ca921 fix: remove Content-Length dependency in binary form deserialization (#15796)
  • e75024c feat: LiveQuery self-iterability (#15878)
  • 0cc67d9 fix: avoid build warnings about undefined hooks on Windows (#15895)
  • 1949057 chore(prefetch): disable link prefetching on slow internet connections (#15885)
  • 69b5787 fix: prefer the default error page when failing to decode the URL pathname (#...
  • Additional commits viewable in compare view

Updates eslint-plugin-svelte from 3.17.1 to 3.18.0

Release notes

Sourced from eslint-plugin-svelte's releases.

eslint-plugin-svelte@3.18.0

Minor Changes

Changelog

Sourced from eslint-plugin-svelte's changelog.

3.18.0

Minor Changes

Commits
  • fc83a38 chore: release eslint-plugin-svelte (#1535)
  • d3043d3 feat: add prefer-derived-over-derived-by rule (#1531)
  • aa8fe83 feat(no-navigation-without-resolve): recognizing nullish TS types as allowed ...
  • f110d75 feat: add no-nested-style-tag rule (#1530)
  • See full diff in compare view

Updates svelte from 5.55.9 to 5.55.10

Release notes

Sourced from svelte's releases.

svelte@5.55.10

Patch Changes

  • fix: unlink errored and otherwise finished batch (#18264)

  • perf: walk composedPath() directly in delegated event propagation (#18268)

  • fix: transfer effects when merging batches (#18254)

  • fix: allow $derived(await ...) in disconnected effect roots (#18273)

  • fix: remove temporary raw-text hydration markers (#18269)

  • fix: propagate async @const blockers through closure references so template expressions like {(() => host)()} correctly wait for the awaited value (#18309)

  • fix: properly unlink batches (#18298)

  • fix: settle discarded batch (#18290)

  • fix: declare let: directives before {@const} declarations on slotted elements (#18271)

  • fix: resume outro-ed branches if they were kept around (#18291)

  • fix: avoid waterfall-warning when async resolves to same value (#18297)

  • fix: correctly coordinate component-level effects inside async blocks (#18260)

  • fix: make unnecessary commit work less likely (#18263)

  • chore: add tag name to a11y_click_events_have_key_events warning (#18272)

  • fix: catch rejected promises while merging/committing (#18266)

Changelog

Sourced from svelte's changelog.

5.55.10

Patch Changes

  • fix: unlink errored and otherwise finished batch (#18264)

  • perf: walk composedPath() directly in delegated event propagation (#18268)

  • fix: transfer effects when merging batches (#18254)

  • fix: allow $derived(await ...) in disconnected effect roots (#18273)

  • fix: remove temporary raw-text hydration markers (#18269)

  • fix: propagate async @const blockers through closure references so template expressions like {(() => host)()} correctly wait for the awaited value (#18309)

  • fix: properly unlink batches (#18298)

  • fix: settle discarded batch (#18290)

  • fix: declare let: directives before {@const} declarations on slotted elements (#18271)

  • fix: resume outro-ed branches if they were kept around (#18291)

  • fix: avoid waterfall-warning when async resolves to same value (#18297)

  • fix: correctly coordinate component-level effects inside async blocks (#18260)

  • fix: make unnecessary commit work less likely (#18263)

  • chore: add tag name to a11y_click_events_have_key_events warning (#18272)

  • fix: catch rejected promises while merging/committing (#18266)

Commits

Updates typescript-eslint from 8.59.4 to 8.60.0

Release notes

Sourced from typescript-eslint's releases.

v8.60.0

8.60.0 (2026-05-25)

🚀 Features

  • rule-tester: added updates of RuleTester from upstream (#12291)

🩹 Fixes

  • playground TS version selector is not working (#12326, #12325)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.60.0 (2026-05-25)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

Bumps the dependencies group with 4 updates: fastapi, sqlalchemy, starlette and uvicorn.

Updates fastapi from 0.136.1 to 0.136.3

Release notes

Sourced from fastapi's releases.

0.136.3

Refactors

  • ♻️ Do not accept underscore headers when using convert_underscores=True (the default). PR #15589 by @​tiangolo.

0.136.2

Refactors

  • ♻️ Validate Server Sent Event fields to avoid applications from sending broken data. PR #15588 by @​tiangolo.

Docs

Translations

Internal

... (truncated)

Commits
  • 8206485 🔖 Release version 0.136.3
  • c910e01 📝 Update release notes
  • 063b5bf ♻️ Do not accept underscore headers when using convert_underscores=True (th...
  • 22b02e2 🔖 Release version 0.136.2
  • 3b252a2 📝 Update release notes
  • c7fb785 ♻️ Validate Server Sent Event fields to avoid applications from sending broke...
  • cb83b83 📝 Update release notes
  • 00f805c ✅ Update tests, don't double dispose the engine (#15587)
  • 3675137 📝 Update release notes
  • 7b57e42 📝 Document --entrypoint CLI option (#15464)
  • Additional commits viewable in compare view

Updates sqlalchemy from 2.0.49 to 2.0.50

Release notes

Sourced from sqlalchemy's releases.

2.0.50

Released: May 24, 2026

orm

  • [orm] [bug] Fixed issue where using _orm.joinedload() with PropComparator.of_type() targeting a joined-table subclass combined with PropComparator.and_() referencing a column on that subclass would generate invalid SQL, where the subclass column was not adapted to the subquery alias. Pull request courtesy Joaquin Hui Gomez.

    References: #13203

  • [orm] [bug] Fixed issue where the presence of a SessionEvents.do_orm_execute() event hook would cause internal execution options such as yield_per and loader-specific state from the first orm_pre_session_exec pass to leak into the second pass, leading to errors when using relationship loaders such as selectinload() and immediateload(). The execution options passed to the second compilation pass are now based on the original options plus only the explicit updates made via ORMExecuteState.update_execution_options() within the event hook.

    References: #13301

  • [orm] [bug] Fixed issue where using _orm.with_polymorphic() on a leaf class (a subclass with no further descendants) or a non-inherited class would fail with an AttributeError when used in an ORM statement, due to _orm.configure_mappers() not being triggered implicitly. The fix ensures that AliasedInsp participates in the _post_inspect hook, triggering mapper configuration during ORM statement compilation.

    References: #13319

sql

  • [sql] [bug] Fixed issue where floor division (//) between a Float or Numeric numerator and an Integer denominator would omit the FLOOR() SQL wrapper on dialects where Dialect.div_is_floordiv is True (the default, including PostgreSQL and SQLite). FLOOR() is now applied if either the denominator or the numerator is a non-integer, so that expressions such as float_col // int_col render as FLOOR(float_col / int_col) instead of the incorrect float_col / int_col. Pull request courtesy r266-tech.

    References: #10528

postgresql

... (truncated)

Commits

Updates starlette from 1.0.1 to 1.2.0

Release notes

Sourced from starlette's releases.

Version 1.2.0

What's Changed

Full Changelog: Kludex/starlette@1.1.0...1.2.0

Version 1.1.0

What's Changed

New Contributors

Full Changelog: Kludex/starlette@1.0.1...1.1.0

Changelog

Sourced from starlette's changelog.

1.2.0 (May 28, 2026)

Added

  • Support httpx2 in the test client #3291.

1.1.0 (May 23, 2026)

Added

  • Use "application/octet-stream" as the FileResponse media type fallback #3283.

Fixed

  • Only dispatch standard HTTP verbs in HTTPEndpoint #3286.
  • Reject absolute paths in StaticFiles.lookup_path #3287.
Commits

Updates uvicorn from 0.47.0 to 0.48.0

Release notes

Sourced from uvicorn's releases.

Version 0.48.0

What's Changed

Full Changelog: Kludex/uvicorn@0.47.0...0.48.0

Changelog

Sourced from uvicorn's changelog.

0.48.0 (May 24, 2026)

Changed

  • Default ssl_ciphers to None and use OpenSSL defaults (#2940)

Fixed

  • Ignore duplicate forwarding headers in ProxyHeadersMiddleware (#2944)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the dependencies group in /frontend with 4 updates
28339fe 
Bumps the dependencies group in /frontend with 4 updates: [@sveltejs/kit](https://github.com/sveltejs/kit/tree/HEAD/packages/kit), [eslint-plugin-svelte](https://github.com/sveltejs/eslint-plugin-svelte/tree/HEAD/packages/eslint-plugin-svelte), [svelte](https://github.com/sveltejs/svelte/tree/HEAD/packages/svelte) and [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint).


Updates `@sveltejs/kit` from 2.60.1 to 2.61.1
- [Release notes](https://github.com/sveltejs/kit/releases)
- [Changelog](https://github.com/sveltejs/kit/blob/main/packages/kit/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/kit/commits/@sveltejs/kit@2.61.1/packages/kit)

Updates `eslint-plugin-svelte` from 3.17.1 to 3.18.0
- [Release notes](https://github.com/sveltejs/eslint-plugin-svelte/releases)
- [Changelog](https://github.com/sveltejs/eslint-plugin-svelte/blob/main/packages/eslint-plugin-svelte/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/eslint-plugin-svelte/commits/eslint-plugin-svelte@3.18.0/packages/eslint-plugin-svelte)

Updates `svelte` from 5.55.9 to 5.55.10
- [Release notes](https://github.com/sveltejs/svelte/releases)
- [Changelog](https://github.com/sveltejs/svelte/blob/main/packages/svelte/CHANGELOG.md)
- [Commits](https://github.com/sveltejs/svelte/commits/svelte@5.55.10/packages/svelte)

Updates `typescript-eslint` from 8.59.4 to 8.60.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.60.0/packages/typescript-eslint)
Bump the dependencies group with 4 updates

Bumps the dependencies group with 4 updates: [fastapi](https://github.com/fastapi/fastapi), [sqlalchemy](https://github.com/sqlalchemy/sqlalchemy), [starlette](https://github.com/Kludex/starlette) and [uvicorn](https://github.com/Kludex/uvicorn).


Updates `fastapi` from 0.136.1 to 0.136.3
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.136.1...0.136.3)

Updates `sqlalchemy` from 2.0.49 to 2.0.50
- [Release notes](https://github.com/sqlalchemy/sqlalchemy/releases)
- [Changelog](https://github.com/sqlalchemy/sqlalchemy/blob/main/CHANGES.rst)
- [Commits](https://github.com/sqlalchemy/sqlalchemy/commits)

Updates `starlette` from 1.0.1 to 1.2.0
- [Release notes](https://github.com/Kludex/starlette/releases)
- [Changelog](https://github.com/Kludex/starlette/blob/main/docs/release-notes.md)
- [Commits](Kludex/starlette@1.0.1...1.2.0)

Updates `uvicorn` from 0.47.0 to 0.48.0
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.47.0...0.48.0)

---
updated-dependencies:
- dependency-name: "@sveltejs/kit"
  dependency-version: 2.61.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: eslint-plugin-svelte
  dependency-version: 3.18.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: svelte
  dependency-version: 5.55.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: typescript-eslint
  dependency-version: 8.60.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: fastapi
  dependency-version: 0.136.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: sqlalchemy
  dependency-version: 2.0.50
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: starlette
  dependency-version: 1.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: uvicorn
  dependency-version: 0.48.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 29, 2026
@cbusillo cbusillo merged commit 3fa7e7c into main May 29, 2026
2 checks passed
@cbusillo cbusillo deleted the dependabot/dependencies-a7aded8d46 branch May 29, 2026 17:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@cbusillo